Device calibration impacts security of quantum key distribution 
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Characterizing the physical channel and calibrating the cryptosystem hardware are prerequisites 
for establishing a quantum channel for quantum key distribution (QKD). Moreover, an inappro- 
priately implemented calibration routine can open a fatal security loophole. We propose and ex- 
perimentally demonstrate a method to induce a large temporal detector efficiency mismatch in a 
commercial QKD system by deceiving a channel length calibration routine. We then devise an 
optimal and realistic strategy using faked states to break the security of the cryptosystem. A fix for 
this loophole is also suggested. 
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Quantum key distribution (QKD) offers uncondition- 
ally secure communication as eavesdropping disturbs the 
transmitted quantum states, which in principle leads to 
the discovery of the eavesdropper Eve [1]. However, 
practical QKD implementations may suffer from techno- 
logical and protocol-operational imperfections that Eve 
could exploit in order to remain concealed [2, 3]. 

Until now, a variety of eavesdropping strategies have 
utilized differences between the theoretical model and the 
practical implementation, arising from (technical) im- 
perfections or deficiencies of the components. Ranging 
from photon number splitting and Trojan-horse, to leak- 
age of information in a side channel, time-shifting and 
phase-remapping, several attacks have been proposed 
and experimentally demonstrated [4-8] . Recently, proof- 
of-principle attacks [9-11] based on the concept of faked 
states [12] have been presented. Eve targets imperfec- 
tions of avalanche photodiode (APD) based single-photon 
detectors [13] that allow her to control them remotely. 

Another important aspect of QKD security not yet in- 
vestigated, however, is the calibration of the devices. A 
QKD protocol requires a classical and a quantum chan- 
nel; while the former must be authenticated, the latter 
is merely required to preserve certain properties of the 
quantum signals [2, 14]. The establishment of the quan- 
tum channel remains an implicit assumption in security 
proofs: channel characterization (e.g. channel length) 
and calibration of the cryptosystem hardware, especially 
the steps involving two-party communication, haven't yet 
been taken into account. As we show, the calibration of 
the QKD devices must be carefully implemented, other- 
wise it is prone to hacks that may strengthen existing, or 
create new eavesdropping opportunities for Eve. 

In this Letter, we propose and experimentally demon- 




FIG. 1. Typical detection system in a Mach-Zehnder interfer- 
ometer based QKD implementation: The bit and basis choices 
of Alice and Bob (phases (/^aucc and ipBob) determine the inter- 
ference result at the 50:50 beam splitter (BS), or which of the 
two detectors DO or Dl would click. It is thus crucial that DO 
and Dl are indistinguishable to the outside world (i.e. Eve). 
If gated mode APDs are employed, the detector control board 
ensures that the activation of DO and Dl (via voltage pulses 
Vo{t) and Vi{t)) happens almost simultaneously, to nullify any 
existing temporal efficiency mismatch. 



strate the hacking of a vital calibration sequence during 
the establishment of the quantum channel in the com- 
mercial QKD system Clavis2 from ID Quantique [15]. 
Eve induces a parameter mismatch [16] between the de- 
tectors that can break the security of the QKD system. 
Specifically, she causes a temporal separation of the or- 
der of 450 ps of the detection efficiencies by deceiving 
the detection system, shown in Fig. 1. This allows her 
to control Bob's detection outcomes using time, a pa- 
rameter already shown to be instrumental in applying 
a time-shift attack (TSA) [7]. Alternatively, she could 
launch a faked-state attack (FSA) [16] for which we cal- 
culate the quantum bit error rate (QBER) under realistic 
conditions. Since FSA is an intercept-resend attack. Eve 
has full information-theoretic knowledge about the key 
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FIG. 2. Manipulation of the calibration routine: (a) Sim- 
plified version of Alice and Bob devices and Eve (in italic) 
gearing for the hack. FM: Faraday mirror, CD: classical pho- 
todiode, DLs: delay loops, VOA: variable optical attenuator, 
CR: coupler, BS: 50:50 beam splitter, PBS: polarizing beam 
splitter, C: optical circulator. The hexagonal-shaped objects 
are phase modulators (PMs); ipx, where X is Bob, Alice or 
Eve, represents the applied modulation, (b) Timeline for a 
cycle of the hacked LLM. K-: PM voltage for a tt phase shift. 



as long as Alice and Bob accept the QBER at the given 
channel transmission T, and do not abort key genera- 
tion [17]. Constricting our FSA to match the raw key 
rate expected by Bob and Alice, i.e. maintaining T at 
nearly the exact pre-attack level, we find that the secu- 
rity of the system is fully compromised. Our hack has 
wide implications: most practical QKD schemes based 
on gated APDs, in both plug-and-play and one-way con- 
figurations [19-21], need to perform channel characteri- 
zation and hardware calibration regularly. A careful im- 
plementation of these steps is required to avoid leaving 
inadvertent backdoors for Eve. 

The optical setup of Clavis2 is based on the plug- 
and-play QKD scheme [15, 19]. An asymmetric Mach- 
Zehnder interferometer operates in a double pass over the 
quantum channel by using a Faraday mirror; see Fig. 2(a) 
without Eve. The interference of the paths taken by two 
pulses travelling from Bob to Alice and back is deter- 
mined by their relative phase modulation {(fiBoh — V^AHcc), 
and forms the principle for encoding the key. Any bire- 
fringence effects of the quantum channel are passively 
compensated. As a prerequisite to the key exchange, 
Clavis2 calibrates its detectors in time via a sequence 
named Line Length Measurement (LLM). Bob emits a 
pair of bright pulses and applies a series of detector gates 
around an initial estimate of their return. The timing 
of the gates is electronically scanned (while monitoring 
detector clicks) to refine the estimation of the channel 
length and relative delay between the time of arrival of 
the pulses at DO and Dl. Alice keeps her phase mod- 
ulator (PM) switched off, while Bob applies a uniform 
phase of 7r/2 to one of the incoming pulses. Therefore, 
both detectors are equally illuminated and their detection 



efficiencies, denoted by ijoit) and r]i{t), can be resolved 
in time. Any existing mismatch can thus be minimized 
by changing the gate-activation times (see Fig. 1). 

However, the calibration routine does not always suc- 
ceed; as reported in [7], a high detector efficiency mis- 
match (DEM) is sometimes observed after a normal run 
of LLM. For example, we have noticed a temporal mis- 
match as high as 400 ps in Clavis2. This physical limita- 
tion of the system - arising due to fast and uncontrollable 
fiuctuations in the quantum channel or electromagnetic 
interference in the detection circuits - is the vulnerabil- 
ity that the TSA exploits. However, the attack has some 
limitations: it is applicable only when the temporal mis- 
match happens to exceed a certain threshold value, which 
is merely 4% of all the instances [7]. Also, Eve can nei- 
ther control the mismatch (as it occurs probabilistically), 
nor extract its value (as it is not revealed publicly). 

We exploit a weakness of the calibration routine to 
induce a large and deterministic DEM without needing 
to extract any information from Bob. As depicted in 
Fig. 2(a), Eve installs her equipment in the quantum 
channel such that the laser pulse pair coming out of Bob's 
short and long arm passes through her PM. Eve's modu- 
lation pattern is such that a rising edge in the PM volt- 
age fiips the phase in the second (long arm) optical pulse 
from — 7r/2 to 7r/2, as shown in Fig. 2(b). As a result of 
this hack, when the pulse pair interferes at Bob's 50:50 
beam splitter, the two temporal halves have a relative 
phase difference {ipBoh — fEve) of tt and 0, respectively. 
This implies that photons from the first (second) half of 
the interfering pulses yield clicks in Dl (DO) determin- 
istically. As the LLM localizes the detection efficiency 
peak corresponding to the optical power peak, an arti- 
ficial temporal displacement in the detector efficiencies 
is induced. An inverse displacement can be obtained by 
simply inverting the polarity of Eve's phase modulation. 

In the supplementary section [22], we describe a proof- 
of-principle experiment to deceive the calibration routine. 
With this setup, we record the temporal separation Api, 
i.e. the difference between the delays for electronically 
gating DO and Dl, for several runs of LLM. Relative to 
the statistics from the normal runs (denoted by Agi^™), 
the hacked runs yield an average shift, Aq™ — Aq°^™ — 
459 ps with a standard deviation of 105 ps. Figure 3 
shows the detection efficiencies rio{t) and rii{t) (mea- 
surement method explained in [22]) for the normal and 
hacked cases. It also provides a quantitative comparison 
between the usual and induced mismatch. Note that a 
larger mismatch can be obtained by modifying the shape 
of laser pulses coming from Bob. 

After inducing this substantial efficiency mismatch. 
Eve can use an intercept-resend strategy employing 
'faked states' [12] to impose her will upon Bob (and Al- 
ice). Compared to her intercepted measurements, she 
prepares the opposite bit value in the opposite basis and 
sends it with such a timing that the detection of the op- 
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FIG. 3. Induced temporal mismatch: Efficiencies »7o(t) (dot- 
ted) and (daslied) from normal LLMs, on the left, and 
after Eve's hack that induced a separation of 459 ps, on the 
right. The logarithm of their ratio, quantifying the degree of 
mismatch (solid line), is at least an order of magnitude higher 
in the flanks after Eve's hack; the dash-dot line indicates zero 
mismatch. To eavesdrop successfully. Eve times the arrival of 
"appropriately bright" faked states a,t t — to or ti in Bob. 



posite bit value is suppressed due to negligible detection 
efSciency. As an example, assume that Eve measures bit 
in the Z basis [in a phase-coded scheme, measuring in Z 
(X) basis <^ applying ip = (7r/2)]. Then, she resends 
bit 1 in the X basis, timed to be detected at t = to (see 
Fig. 3), where Dl is almost blind. Using the numerical 
data on the induced mismatch, Eq. 3 from [16] yields a 
QBER < 0.5% if the FSA is launched at times and ti 
where the efficiency mismatch is high. 

However, it can be observed that the detection proba- 
bilities for DO and Dl are quite low in this case. A con- 
siderable decrease in the rate of detection events in Bob 
could ensue an alarm. Also, the (relatively increased) 
dark counts would add significantly to the QBER. In fact. 
Eve needs to match the channel transmission T that Alice 
and Bob expect, without exceeding the QBER threshold 
at which they abort key generation [17]. Experimentally, 
we find that the abort threshold depends on the channel 
loss seen by Clavis2; for an optical loss of 1-6 dB (corre- 
sponding to 0.79 > T > 0.25), it lies between 5.94-8.26%. 

Eve solves these problems by increasing the mean 
photon number of her faked states. To evaluate her 
QBER, we elaborate the approach of [16] by general- 
izing table I from this reference. Our attack strat- 
egy, carefully accounting for all the involved factors, 
is summarized in Table I. For instance, in the first 
row we replace the probability of detection r/o(io)/2 
by 1 — exp (— /io?7o(io)/2) for a coherent-state pulse of 
mean photon number /ig impinging on Bob's detectors 
at time to. Including the effect of the dark counts into 
this expression, Bob's probability to register becomes 
qo = do + (1 - do) (1 - exp (-/iof?o(io)/2)), where do is 
the dark count probability in detector DO. A row for 
double clicks, i.e. simultaneous detection events in DO 
and Dl, is added for every (re-sent) state. 

Due to the FSA, the DO/1 click probability at time t 
no longer depends solely upon 77o/i(^)- Summing over all 
the states sent by Alice (by extending Table I), the total 
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TABLE I. Faked-state attack, given that Alice prepared bit 
in the Z basis and that Bob measured in the Z basis (only 
matching basis at Alice and Bob remains after sifting). The 
first column contains the basis chosen by Eve and her mea- 
surement result. The second column shows parameters of 
the faked state resent by Eve: basis, bit, mean photon num- 
ber, timing. The third column shows Bob's measurement re- 
sult; n 1 denotes a double click. The last column shows the 
corresponding click probabilities (ignoring possible superlin- 
earity effect in gated detectors [18]). Note: The first result 
(^ Eve = Z, 0) is twice as likely to occur as the other two. 



detection probabilities in DO and Dl when the attack is 
launched at specific times to and ti are 



(1) 



]5o(mo,A*i) = 0.75 + 0.25d- 0.25(1 -rf)x 

(■g-0-5A'o'?oo _j_ g-0.5AiiJ7oi _|_ ^-fJ-iVai^ 

Pl{^Jio,^^l) 0.75 + 0.25d- 0.25(1 -d)x 

^g-0.5Aio';io g-0.5Airi;ii ^g-A'o''?io^ ^2) 



Here rjjk = 'nj{tk) with j, k e {0, 1} and d = mean (c?o, di) 
are used to simplify the expressions. Similarly, one can 
compute the expression for ponii the total double-click 
probability. Eve's error probability, the arrival probabil- 
ity of the optical signals in Bob, and the QBER are 

^0^(^0,^*1) = 0.75 + 0.25d-0.5poni-0.125x (3) 

(1 — d) ^e^**"''"' + 2e^'^'^'^''''"' -|- e^'^^'''" -|- 2e^'''^'^^'''") 

Parrivo(MO, Ml) = +Pl - POnl , (4) 
QBER(/io,Mi) — Per VOX (A*0, A*l)/Parrivc(A*0, ■ (5) 

Here double clicks are assumed to be assigned a random 
bit value by Bob [25], causing an error in half the cases. 

If Alice and Bob are connected back-to-back (channel 
transmission T « 1), the click probabilities in Bob should 
be slightly less than half of the peak values in Fig. 3. This 
is owing to optical losses (^ 3dB) in Bob's apparatus. 
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Pa (click probability in DO) 

FIG. 4. Minimum QBER versus click probabilities in DO 
and Dl: Eve minimizes the error with a suitable choice of 
the mean photon number of the faked states (for this plot, 
1 < ^io < 100 and 21 < /^i < 120 at Bob's detectors). The 
thick shaded line indicates Bob's detection probabilities. The 
QBER introduced by Eve stays below 7% for T > 0.25. 

Eve's constraints can now be formalized as: starting in 
the vicinity of po = 0.038 and pi = 0.032, not only does 
she have to match Bob's expected detection rate for any 
given T < 1, but also keep the resultant QBER below the 
threshold at which Clavis2 aborts the key exchange. We 
assume Eve detects photons at Alice's exit using a perfect 
apparatus, and resends perfectly aligned faked states. 

Substituting ti = —1.32 ns, to — 1-90 ns (marked in 
Fig. 3) and d = 2.4 x 10""' in Eqns. 1-5, Eve collects 
tuples [poj Pi I QBER] by varying /xq and ni in a suitable 
range. Out of all tuples that feature the same detection 
probabilities (arising from different combinations of /io 
and /ii). Eve chooses the one having the lowest QBER. 
A contour plot in Fig. 4 displays this minimized error 
min^(,_pj QBER((/io, Mi)| (pojPi))- The thick shaded line 
shows that for T > 0.25, Eve not only maintains the 
detection rates within 5% of Bob's expected values, but 
also keeps the QBER below 7% [? ]; thus breaking the 
security of the system. Note that the simulation assumes 
a lossless Eve, but in principle she can cover loss from 
her realistic detection apparatus by increasing /zq and 
further and/or including to and ti in the minimization. 

To counter this hack, Bob should randomly apply a 
phase of or TT (instead of 7r/2 uniformly) while perform- 
ing LLM. This modification is implementable in software 
and has already been proposed to ID Quantique. More 
generally, a method to shield QKD systems from attacks 
that exploit DEM is described in Ref. [23]. 

In conclusion, we report a proof-of-principle experi- 
ment to induce a large detector efhciency mismatch in 
a commercial QKD system by deceiving a vital calibra- 
tion routine. An optimized faked-state attack on such a 
compromised system would not alarm Alice and Bob as 
it would introduce a QBER < 7% for a large range of 
expected channel transmissions. Thus, the overall secu- 



rity of the system is broken. With initiatives for stan- 
dardizing QKD [24] underway, we believe this report is 
timely and shall facilitate elevating the security of prac- 
tical QKD systems. 
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Device calibration impacts security of quantum key distribution: Technical appendix 
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FIG. 5. Eve's implementation (mAlice) by modifying Alice's module: The onboard pulser driving the phase modulator (PM) 
is disconnected, and the PM itself is positioned before the 23.5 km delay loops (DLs). The trigger conditioner circuit allows 
(prevents) the pulse & delay generator to be triggered by the short arm (long arm) optical pulses. Newly added components 
to the original Alice module are labeled in italic. VOA: variable optical attenuator, FM: Faraday mirror. 



Implementation of the hack: Here, we explain our experimental implementation of the scheme outlined in the 
Letter for deceiving Line Length Measurement (LLM), the calibration routine of the Clavis2 QKD system [15]. For 
this purpose, we rig the module of Alice as shown in Fig. 5. From now on, we call this manipulated device mAlice. An 
electronic tap placed on the classical detector (normally used by Alice for measuring the incoming optical power [5]) 
is conditioned appropriately with a homemade circuit. The output of this circuit provides the trigger for the pulse & 
delay generator (PDG, Highland Technology P400), which essentially drives the phase modulator (PM) in mAlice. 

For experimental convenience, we also change the settings in the Clavis2 firmware (Bob's EEPROM specifically) 
such that during the execution of LLM, <y9Bob = is applied instead of the usual tt/2. This relaxes the requirement on 
Eve's modulation pattern: in comparison to the waveform in Fig. 2(b) in the Letter, the PDG needs to switch simply 
from to Vtt through the center of the optical pulse. This is in principle equivalent to the scheme in Fig. 2(b) in the 
Letter, while easier to implement. In other words, it does not affect a full implementation of Eve. Normally, Alice 
applies the phase modulation in a double pass by making use of the Faraday mirror. However, the PM in mAlice is 
shifted closer to Alice's entrance (i.e. before the delay loops) to enable a precise synchronization of the PDG. To ensure 
that the photons passing through the PM (in a single pass now) pick up the requisite 'tt' modulation, a polarization 
controller is deployed before the PM. 

Finally, the synchronization of the rising edge of Eve's modulation to the center of the optical pulse is performed by 
scanning the delay in the PDG (in steps of 5 ps) while monitoring the interference visibility [15]. As Eve's modulation 
flips the phase of the optical pulse through the center, the visibility reduces to zero. The corresponding delay setting 
of the PDG can then be used to induce the temporal efficiency mismatch between Bob's detectors DO and Dl, during 
the execution of LLM. 

We emphasize that the mAlice module serves as a proof-of-principle implementation only for inducing the detector 
efficiency mismatch during the LLM. It should not be confused with Eve's intercept or resend modules, needed in 
the subsequent faked-state attack. Finally, note that Eve is free to modify Bob's pulses or replace them by her 
suitably-prepared pulses, and thus effectively control the amount of detection efficiency mismatch that can be induced. 



Measurement of efficiency curves: Detection efficiencies 770 (0 and 771 (i) are estimated at single-photon level by 
scanning the detector gates in steps of 20 ps with an external laser (optical pulse- width ^ 200 ps). We average the 
click probability per gate and subtract do/i (the dark count rate in DO/1) from it. This gives a more accurate estimate 
of the efficiencies, especially in the flanks (see Fig. 3 in the Letter). 



